Java: Active Directory Query Info with Minimal User Info

So here's the situation. We would like to be able to query Active Directory for memberships in user roles / groups, etc. Now I can already do this using the standard Java API (javax.naming), but I need a username, domain server name / address, and a password for this. Users also have limited rights, so I cannot use external calls for convenient administrative tools.

Is there a way in Java that I can get this information with just the username and domain name or address? For this I am also open to third party packages. Alternatively, you can provide (or point me to) information on what needs to be configured in AD to allow this.

Hope this makes sense. I'm not an AD guru, so the more information the better.

+2




2 answers


Ok, so outlining what others have told me, and the extensive research I had to do with the clues given here, it looks like I'm just using my "special user" as the login information for my code, transparent to the user, and then execute the request using your credentials. So: in the code, bind the "special user", then execute the query with the current user as a query parameter (sAMAccountName = username).



Thanks for your input.

+1




Your problem with having to log in is that AD does not allow anonymous requests. Before you can query the database, you must be logged in ("bind" in LDAP terms) as a valid user with sufficient query rights.



If your AD administrator is ready, you can create a special user for them (we call ours "ldapquery") who is allowed to bind and query the database. The user ID and password for this user will become the configuration values in your code.

+6
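The approach both answers describe (bind as the dedicated query account, then search on sAMAccountName for the current user), as an added example that is not code from either poster. The environment variable names `AD_URL`, `AD_BIND_DN`, `AD_BIND_PASSWORD` and `AD_BASE_DN` and the class name are assumptions; the username is passed as a filter argument rather than concatenated, so filter metacharacters in it cannot alter the query.

```java
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.*;

public class AdGroupLookup {   // hypothetical class name

    static List<String> groupsOf(String username) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Assumed configuration, kept out of source code. Use an ldaps:// URL so
        // the simple bind does not send the service password in clear text.
        env.put(Context.PROVIDER_URL, Objects.requireNonNull(System.getenv("AD_URL")));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, Objects.requireNonNull(System.getenv("AD_BIND_DN")));
        env.put(Context.SECURITY_CREDENTIALS, Objects.requireNonNull(System.getenv("AD_BIND_PASSWORD")));

        DirContext ctx = new InitialDirContext(env);   // bind as the query account
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"memberOf"}); // fetch only what is needed
            sc.setCountLimit(2);                                  // a user should match once

            // {0} is substituted as a filter value; JNDI escapes *, (, ) and \ in it.
            NamingEnumeration<SearchResult> results = ctx.search(
                    Objects.requireNonNull(System.getenv("AD_BASE_DN")),
                    "(&(objectClass=user)(sAMAccountName={0}))",
                    new Object[] {username}, sc);

            List<String> groups = new ArrayList<>();
            while (results.hasMore()) {
                Attribute memberOf = results.next().getAttributes().get("memberOf");
                if (memberOf == null) continue;        // user has no direct groups
                NamingEnumeration<?> values = memberOf.getAll();
                while (values.hasMore()) groups.add(String.valueOf(values.next()));
            }
            return groups;
        } finally {
            ctx.close();                               // always release the connection
        }
    }

    public static void main(String[] args) throws NamingException {
        groupsOf(args[0]).forEach(System.out::println);
    }
}
```

`memberOf` lists only direct group memberships and does not include the user's primary group, so nested groups need a further lookup. The query account should hold read-only rights and nothing more, since its password lives in the application's configuration.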

